Malware Analysis Report

2024-11-13 14:28

Sample ID 240603-lnmcjsbf48
Target 2024-06-03_ab110a2cd8d6e8f0505524f95c130324_ryuk
SHA256 59141d9dd5d439d462b01de588b3e4a59728c1a9087ac52b7107afe7926c4296
Tags spyware stealer
Score 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 7/10
SHA256 59141d9dd5d439d462b01de588b3e4a59728c1a9087ac52b7107afe7926c4296

Threat Level: Shows suspicious behavior

The file 2024-06-03_ab110a2cd8d6e8f0505524f95c130324_ryuk was found to be: Shows suspicious behavior.

Malicious Activity Summary

spyware stealer

Executes dropped EXE

Reads user/profile data of web browsers

Drops file in System32 directory

Drops file in Program Files directory

Unsigned PE

Suspicious behavior: LoadsDriver

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Modifies data under HKEY_USERS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-06-03 09:40

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-03 09:40
Reported 2024-06-03 09:43
Platform win10v2004-20240426-en
Max time kernel 150s
Max time network 150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-06-03_ab110a2cd8d6e8f0505524f95c130324_ryuk.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-03_ab110a2cd8d6e8f0505524f95c130324_ryuk.exe | N/A
File opened for modification | C:\Windows\system32\fxssvc.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-03_ab110a2cd8d6e8f0505524f95c130324_ryuk.exe | N/A
File opened for modification | C:\Windows\system32\dllhost.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Windows\system32\fxssvc.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Windows\system32\dllhost.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Windows\system32\fxssvc.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Windows\System32\alg.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-03_ab110a2cd8d6e8f0505524f95c130324_ryuk.exe | N/A
File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\7cff3ebdd590e271.bin | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-03_ab110a2cd8d6e8f0505524f95c130324_ryuk.exe | N/A
File opened for modification | C:\Windows\system32\dllhost.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-03_ab110a2cd8d6e8f0505524f95c130324_ryuk.exe | N/A
File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_95296\javaw.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files (x86)\Internet Explorer\ielowutil.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\VideoLAN\VLC\uninstall.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\110.0.5481.104\chrome_installer.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\kinit.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javaw.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jre-1.8\bin\policytool.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files (x86)\Internet Explorer\iexplore.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\default-browser-agent.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_95296\java.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jre-1.8\bin\java-rmi.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jre-1.8\bin\unpack200.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jconsole.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jjs.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\7-Zip\7zG.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\dotnet\dotnet.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jstatd.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jre-1.8\bin\orbd.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jre-1.8\bin\pack200.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\VideoLAN\VLC\vlc.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\unpack200.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_95296\java.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javap.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Google\Chrome\Application\chrome_proxy.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\serialver.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jre-1.8\bin\unpack200.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Internet Explorer\ieinstal.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Internet Explorer\ieinstal.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\pingsender.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe | C:\Windows\System32\alg.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension" | C:\Windows\system32\fxssvc.exe | N/A
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail" | C:\Windows\system32\fxssvc.exe | N/A
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder" | C:\Windows\system32\fxssvc.exe | N/A
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1133 = "Print" | C:\Windows\system32\fxssvc.exe | N/A
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider" | C:\Windows\system32\fxssvc.exe | N/A

Suspicious behavior: LoadsDriver

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-03_ab110a2cd8d6e8f0505524f95c130324_ryuk.exe | N/A
Token: SeAuditPrivilege | N/A | C:\Windows\system32\fxssvc.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-06-03_ab110a2cd8d6e8f0505524f95c130324_ryuk.exe

"C:\Users\Admin\AppData\Local\Temp\2024-06-03_ab110a2cd8d6e8f0505524f95c130324_ryuk.exe"

C:\Windows\System32\alg.exe

C:\Windows\System32\alg.exe

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Windows\system32\fxssvc.exe

C:\Windows\system32\fxssvc.exe

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"

Network


Files


C:\Program Files\Java\jdk-1.8\bin\jps.exe

MD5 5233fed5d931dfc50631ff963f65b93d
SHA1 12ba0d862b01f44ad45f64b4f046cf722151619c
SHA256 998d472e6f16b6c42ff80ef2c1cff1cb47de0fbb915f7eb55b03e1285ee9cc6b
SHA512 e0e2b9b6a4629ba02a670c8537b9145dcd353ac0311f5ca4f91b547b7bb71663fea91a21a5acc88cd6bddb5f4b1823dfd853710076f984cc5259647610bb19b4

C:\Program Files\Java\jdk-1.8\bin\jmap.exe

MD5 54d509234ed48508d19ef47835b956a6
SHA1 372691229a2d5012ff6516f19a180057650f2a80
SHA256 252a98a4ae6c8f2cc10e7c815848d1c3176d252859bae942d07dbd4756c4a27d
SHA512 befa0a82b097873eb543c678ee1e7375a3bb68e39c6a951e1897872839598f8334e22dbb3c818c10e313f5d7b63f44f1730710b0478c2d5a3d7c7f89abf317da

C:\Program Files\Java\jdk-1.8\bin\jjs.exe

MD5 ec3ea801e22be450c139b273c274b09b
SHA1 6522f3e4a0c7d555bb34af0ce79183d7ed37c547
SHA256 dfd3c95665216eccd795c1d4eb15499f867ab88520330508016b75fefbd76869
SHA512 345263be463176ed1710fea396531ee099bdd31ea16aeb8b795d31a69866cb109791e33d361d31d976cf46de766d384ce723a20b53404e85233a9aa8cc54c9f4

C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

MD5 14cb6bb168a923a02c7e2bde96c4d766
SHA1 778d36217d20cdaa36ea8d720a115133e884033a
SHA256 cb9a35b23b29b92d9524e20f3fbbdafed42420ef763f767c930ec8ea8dddfe11
SHA512 80e58632c25e7d3782de4a963e24bf288cee3f7cf0df2578e1e04a91db4af904ce5b9507cdc25f44c62c64a02d0837691640afee7461190b5a5899c9bec8ba11

C:\Program Files\Java\jdk-1.8\bin\jhat.exe

MD5 a0cb1ac51076c103588e44db1c804a84
SHA1 946dcb28d0fbddbc1cddfd12619b21915b7a2abd
SHA256 e8b09e40097bef717753cd8970a8a6815beb6abbe7c681e24e3b6334bac74355
SHA512 710eedebfdbf1b001c8ef6b65dde9f4ea32d12e4ac0af20a5f8692bf557de1a819d7ae5132fd793abb7fcf79cfef795ba3727b71a91f534b8e7ed608da710999

C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

MD5 d2e75f36f3d7d678c8044e4c125adc2f
SHA1 ba00a94935860c45cbd8a0a6eadeed3e95961821
SHA256 16e89508c3695076ad454bf516a5a1d363a1670c04bd6cb132650ee5d71a4ff0
SHA512 b83ed0264dd29a8620cc4b5a8152f09729705f8d09ed73e21d5cc36bdbb10b8fd14db550aa61970d6783983d97dac84e2c29c4e71f734b2c01825bfd23b193e1

C:\Program Files\Java\jdk-1.8\bin\jdb.exe

MD5 fcdb6f9d319779b0758c5221541ab418
SHA1 804603124376bcbe380aa60bf7cf22d95e997db1
SHA256 a3f3424191b97d49d01fd4727a9be25f6011e5d7faf4792d35757ccbf16fdaa6
SHA512 6d821029883d2d561a715aaa67c7a268b30529c1abff49a49699e22f504c9b2924b46226dcd01e312d4770c463ee34f1a45e97be6eafe06084d6ef19e88e6d29

C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

MD5 92b174b1141a9175008fc7b54bb8a16e
SHA1 6550c60c8dfe8277f13295f0d038cc0d39c4e4e0
SHA256 11569e8a7f40b0a041a0984a4c0847f2f33fb1c1fa1e5719a075fa1ee896030d
SHA512 ed0e7ddcfaf6e897a098aa038c19ab24278517bfb176fe553a6ed2681028802fd8074eeee5e95585fe6bc03ee037b998142bb79323d55001a1be5e1222ea4373

C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

MD5 c8c919edbe10de5ff79789a0074380d9
SHA1 91c30c3b40487fb774ca3d6b7f9285a6dcbddf6d
SHA256 69ee79d5e15a2d6072acde296461cbed198826e0eccab9d8edbcf7466d0c17d1
SHA512 f1a8e86f4b90a1e1670094cd79d28e7e0370befc0bbb810ec820ac76d97d3a4a283a24b61e8a2297245e27ca15c5fd8f6324ccbe9698fd6a7cd32614c1c6ca1d

C:\Program Files\Java\jdk-1.8\bin\javaws.exe

MD5 5d45bf4c0ab8df53ab5ce72cdc07b345
SHA1 5902978d89c86960d5fd28f0c3846aa1473f59f4
SHA256 1f503a8f4d4f66ac4d316046da9b5de6baa068ebcb869b7ce12a3b29fda27ec6
SHA512 faf5f629fc12a80337bda5f86f4d25070268028bfba3c971497ec8f05b4907a00a64213fe7cdcda1acea0cd9562ee8cc3a3534254b479a4cececb4de1b84eb84

C:\Program Files\Java\jdk-1.8\bin\javaw.exe

MD5 c3935f80c5bc5f0c1199cf2f46708f8b
SHA1 bfa7fceffd764415fe9f263d8a3ca98e4a0e383c
SHA256 b5e33035c91346352f6d0649d8fd1959bd9aac5cf2002b0f857d7f09485bfc73
SHA512 fedd4e4cee04ddc802059c35c49a2d9a0b5e4eafd66bfd8ef6c498e38d3ff8b53d924a3cd339988c5f063309a92312d37596918487215dddebbaa94aebc33d59

C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

MD5 f4c8d2b3f87328955bdf2295170433c4
SHA1 2ffde38938947d6dba1fc0f3fa8499b3e8403f1b
SHA256 eb8fd84caaa860990f361d54a47857bb1cb61a74a5c97717f78aaa9fda8ca0a8
SHA512 708170bb841da650b4680cd1ccee848559803fd5582567e811c150ffe35078f1db3bcc198716ee5fa60142eb51997c8f8b4881b1678a1912932a5c5b6ced6709

C:\Program Files\Java\jdk-1.8\bin\javap.exe

MD5 1f2903459919c745324e203ec04fee18
SHA1 a0d5f520a0eb8b7df4f9c716e29bd50d82dc13e2
SHA256 77156068b285b7d795255e9376f86414519e636953c8622e03cafebfdbfc1387
SHA512 22d7ecde1124eae23f02fce298dc00af33fcfbe2e79d945f81a140b019df08bf01e8d391dfca686f891db7845cf9610423ecc2e5dffd43bbfc9c9a6027abf562

C:\Program Files\Java\jdk-1.8\bin\javah.exe

MD5 f09e7f8e59189e522d18dc69d2f5f954
SHA1 686bdc2d87772cab0fb49273522b8eb39e8b4733
SHA256 eab1c3c00f62225c533510b5ed3141b4b0c454250987fcb751d5ee99db6b54af
SHA512 787ff69fc3524f8c444667788e40e881307bb1c80d840418f8df1faef84aebf25b7b060888d51434cf3ce32f0d4ba7aa6a4f9b9661d29b09d665752388d454e8

C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

MD5 7f7bf3887bc06395f3f447f092b35c97
SHA1 7f8b964531657d4ed960b312e61ed398a01617eb
SHA256 46c160e81d7adb2a606f1d4fc9d0ec50b3e41b8aae30d18f82d3dfdd0d34ec9d
SHA512 def943be07504b0aee743ec2002ca6f7670eebeef01021f5da81b762b26ef47c6ff3bc84ea9003b18f903100e4596b262f6f553276b42b1da8d57a23fa56e835

C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

MD5 b12691111dbcc4bdbd50b71bc92df229
SHA1 a07c6260d2353cdef6299748bf655aef6bb6e21c
SHA256 4f2ad71dca003c8a166fb776861f194aec84517524ef44c6435152239c9125d7
SHA512 8929a0a1dd2af0687a8d6ed77ea937c389bb0d4ce0d44b77915fc0eaf7bf6a3b59636a6020ecee314a500e622e308082d67ad2ee568793a6be85dd618d5a05a5

C:\Program Files\Java\jdk-1.8\bin\javac.exe

MD5 92ee613107d2fbf54ae0753b5d23e8c5
SHA1 3e2ddd193c343a16e7a6cfee3bdaaf58fafc5299
SHA256 64659f18401c13897ff03ebb6799a7747ab7ba8f387dcc8efe8a77dcd6ba617f
SHA512 c3723b80227179fd6d1fa12823b0477dd436f9b2665b94601235fbc745f5331265a9cf9ca6bcc4cae76a6bc9b58ceedc377a305e498bdc0b9751dad019dabc55

C:\Program Files\Java\jdk-1.8\bin\java.exe

MD5 e1897f6dc1bcc51393e4a7f89a2a7142
SHA1 829878b09a7709726fa29c7c06f01d3e8d93f606
SHA256 7555ef58d600b9cc9269c5c1155fd75ac5cdedffd0f0f7e1bcb907c2286c46c5
SHA512 e1d264711f21cd8e5479c08cc29635aba70fa4aae30cf26f39a93d3ec44601ff4f99265e2b2f326b623ed95ed7828b7cd218d5c7bc617bad86ce2a48c1ae28dd

C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

MD5 4472b8c32320687b137b03353a45c8cc
SHA1 d88fe2c0c4ef8158a722b33ef80175e4b175c1a7
SHA256 c72992253191fede6361d62976cc2fb0db03728ff52391fade79dd3582e6f29d
SHA512 8c7689a098d202f03466c55ed08b314050d798c220fd4ee0f460b6979bbbc501a7485af100e6926720c21294f8bc9a8c957d2fcd3d9e260be346c399f1a5ca6c

C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

MD5 679bd9799ca36ed0bf0c417f3f815cbd
SHA1 5bb41ddcddb15efad669df23f334dc6f7fe5bc5e
SHA256 b9e940dec4ece9cb0da497abaa469f5bf9c96460f65b8ba862046ec7dae59e1e
SHA512 ca4dd6fe6c825a25886ef2b339ed50f1a7188e9df122eb23d3f898998b41d18d6f1f12ca21d60c9e1ff02422b3c47cc588712ea1e3f1cf1b8f048530d03a54d6

C:\Program Files\Java\jdk-1.8\bin\jar.exe

MD5 9a09abae4a9f1d998716d0af73145d37
SHA1 6134876acaa7941e1b4843af8e3b5d43e250a670
SHA256 60fd947f13df30c20cfcec8fc887e57713863b6cd2eeccd0e2ea3e2416af2536
SHA512 d58fb78485d366305c5d695bdd32b36e5d52437a6f889c77556d08ecbae5a15509122b90e8d647f7939a8be59297baf95bd07b89807be558e077dcd72e867689

C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

MD5 a1ab2f70bfe1d062b3188c01efeda136
SHA1 69a3b618d7b2ebb72591777d123d3da4df7099ab
SHA256 226b706164d29f9dff71ba585464512870e853c166c94442d10bd4136c9e451e
SHA512 704fc15ff13486b924abcc258defa3f832af03f3ec2840cb07a0231dc2af0af2bec4082571b99f17bee38db3a94dea264b3e2f9d485c432db2774cbbf718fb4a

C:\Program Files\Java\jdk-1.8\bin\idlj.exe

MD5 26b15a1dd46dfdc78ae365274d86e2ab
SHA1 2869ff02abc6cd1a7bd0c710aa6cfb2e47ae1012
SHA256 8d65a44ce21bee467ea69dc1ec1bc1534730afe939773bc5a30bca89855c102d
SHA512 ce8595b8b7109f635794b10d9ffc2d27635739eab4b1e46ea96866c980a13aa86a4817a101c6667a75ba72e5a96a9764674d7bc74952dd753b3e3799d24dfeb9

C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

MD5 6e3696abc3759df749e8498aaf3eb82c
SHA1 81dae2da72461b66c1956726457c036ae5d6ded2
SHA256 35a7908f479c7707ea37919204501e4b01e15d8776ffe460100ccd206445c989
SHA512 9a45421b002e241ca8d4550f3de19e17f55fc8b70f8637a4a0af40e006b42d248d63f110faf91f5539a5ccf317541ee9c785a6d300569b00d5a08e6a2e1ecbd6

C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

MD5 69aa1d969c6b7efc9e6e8dd22937d57d
SHA1 850fea91ae0f49b0e2364cf631103ce6dded9584
SHA256 0e2920ef28ae632553ae3f60e9cf418077b2b9792d40832a1aba70434d690af5
SHA512 5261133616f8bb899efb5894f1f4fb639f46361457d10fdf86e07f429ad91963e0b9262091e84861bb4b39ca551633e2d9c29d8886d1990c7a5c2a91357f40ec

C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

MD5 5f80287e9d1849c03a5368e3c6444c89
SHA1 556ed003dd531dd404dd0a8568cb9d1db4ff44e7
SHA256 4ad6b10ebc6cf6380fe9b281d0fd7078f78c798287465416ecc90144e10a0476
SHA512 0874c97560b1eae85ecbf053337705e457fb9eace2dfa0d1c311007d9ec6c9bd49bb81032f1a3e71b788e2b92b0389be1c6e14b9c391b660655402ba1b34a4d8

C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe

MD5 c5385d97c92827d275ec922539ce7ede
SHA1 56a2206d8d40eaca32c642c311471941c6acc018
SHA256 41ff8f247f227e789d4d8e64c703be91cec84edcf16dcbd8032cfd62d138b8e9
SHA512 d3affa1e61dcf4d2f2cb4a2b28459c2d4558cee441401b60f360e33507bb62c3cefd2770be0cdae8cd3d6312217d7597162df598e4b350bb95829e1489506b04

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

MD5 d5a22d3fc0dc2da20123d91dd34dd57a
SHA1 138be9a59d79a7649f9af5e72f03ef4a51946c6d
SHA256 5c0750d9c424e1d911eff45e8668150d63b7497de7429d8f7ec77f3235bfb625
SHA512 b91b3fa09ff3764718bbcd366cd93959a57fa26a1fa0317a5475dbae6fc393326bb30cc638688941a790dbd769ebbb88f34fe4c5bd13837a64e6147268e3f32b

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe

MD5 258b0f40a7bd22356ccfe9649ab4650b
SHA1 ff7b18a3f8e4b387f903a7e16a1eb2b6a77d6422
SHA256 bac7882b9c1f031300925e92dd4aed6743e351beb8c95aff16014960005649af
SHA512 8f050d787b14e706f4d84823c2e7bc25ba505ee900699df5f161a9e0b4f26ee2466f8be876a61c5c11fd6c582425e175cbdbb8f1dbaf6b6c29ceda780fe7fe4e

C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

MD5 5629d8e18daafb04dc23a1403f9aeacd
SHA1 4c3393fbacc459933fcfe1e7733be86fa70416b1
SHA256 6b1f7cfc480c1d7d5f9f8fbaad92e698adcd4c0619874eaf7190b11e70993e9f
SHA512 9b2c19430d0a8ffc4c4f997367a7a96fd2634b62c30684af59797d364800860776cad06a73a37d66bdd7aeadfff3accbed239d4813a1daabbc0e822692fbf2d6

C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

MD5 f20fee1ccd4bf19b1ec60d2b902afc53
SHA1 95aaf7cb2e2426b665d2806e8617546819f91cc7
SHA256 5968c94712d343609f664386d940f253475c92823c3e174cb0f9e4d365d2116f
SHA512 e6ed8ef9896ec5f8af1ef755669a407509a5dd8f84bc847c9514559889cdeea20cc6cd4abf0f5c3f9ac6404cc5bdcc6bb47be4f8d21c626e99a1b6495a96b4c3

C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

MD5 061817300a8b0b39f0c0cc4cec4674a0
SHA1 dff412b0c18c943ceeec60cacce253a5b51b08a8
SHA256 9cf753595aee8c80c4aaf299fa8ceecaa8a5f5d15f533cfeda3b72af67e97384
SHA512 779b9af6823d7af3606209d8219dbfdcd193033b4521e6a7754ee4d2e66febe58459fd54b8a98176718e5c752a8d620df3e3841230419b0e1e301567edd39ebf

C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

MD5 293438e7009dac2ce3ff14333e17d071
SHA1 373427de8afb3772fca67cac36e61a5da2d631fb
SHA256 414e98c120193a8aec464565be19d66fc6deb7e3ee6ca87dfa224e028867f9ad
SHA512 655fa9f017a09f926914ed337e42193c817cfa454c586fb080f39852c2ac9d9f49fa172e0f0cdaa159ba3439f55ad1d9a47caf6b85dbeb2b23fbc47a75923f94

C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

MD5 30c6655d50deb680f8ca3a1a93653dd1
SHA1 3d2db7e166ebedc1de00f2b96430f4764fdcaffc
SHA256 5ec06f5b75de45e240751764b98a65f60e1268fa2bb4cf4cd63b7347c1c0aabf
SHA512 2420ed5ff33137ede95d352a89c9dbf890d96914966f263abe1c46d091e2fd99ee7b69b8dd90ab6af7f40fdfffe7afc9d3daf40ecba7bfd398bf84a08821ae65

C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

MD5 e190180798df22c2facba4a6435df13d
SHA1 23ea5baaaa4b28c49e32db2cfb70f36fdf62aa01
SHA256 0da8d3402d485f181c851b6e9725d67365a811f13ab5dadda8f031dbdab10982
SHA512 fd89305651f6d3f2e106993dc1fb2a9e48a636d441a243fdb75df429e6e937faefdc18e63e780ac6964a279d382dd826670d5fb38979099f89b1e498eaf85f78

C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

MD5 34c51ce590ab3cec203486c85343a2e9
SHA1 a9792bde5493c8f484b686d5b2c40d1d5232ccef
SHA256 72dde9763fb828f04d2d25929964783510e8421eba766a13e4ab9f672fb986f7
SHA512 e607310fbe656d60f3888f612522100d3560933f48de882bdb6cf9b0496e85e56bcdbf2cf7e7163ebb2ef1dff22642400169c80d051f1e4d87f9a4a408327f0e

C:\Program Files\7-Zip\Uninstall.exe

MD5 f54b5aae8a1ac11fcf9477452c7e389f
SHA1 e648486d2465eb5e3f2dfeedba1e592376adbce2
SHA256 7992fb316b8138da4f879e22e1a863d571766814caf0376ccacde88e043cb67e
SHA512 9e838e2dce8d847745b3398b3e8fa88c372a496dda4a6c514e2cceb9b3206314097f0302d68163f69cffba3348fce328778ac783109e452c698f4f57ba8b453f

C:\Program Files\7-Zip\7zG.exe

MD5 09b59866783800082a1b468e40e54c6b
SHA1 8b18b8e482f8cfb25de2f7daa44753470ac4e0e2
SHA256 d1d730e4e0b37eb0c5f723b2fc42acaa8ff20d80537dbf897db0de035c6ae458
SHA512 ebc3e24a8f53873826045aa2f4f800c7d1e312963d7cb3aecfafba06a254ead11275d1352336632afcdb01756448c1dbcb5082b5a37fdde2dcac53acd1d81cb3

C:\Program Files\7-Zip\7zFM.exe

MD5 201dec76e95914868a91d2defefb1d7f
SHA1 becc1a7be3877c2fc1e16d157f46c91c9aa8aa10
SHA256 7a7630a3e8e90d486cf47bad733c86c33bfd64186078514b4ab9f67a1574ca7e
SHA512 fe9f6a8bd3b4d7bfe8eb9ad7a69b2e1429ecef1bc4e7b469f1b77acee47c88c537a6041657342163f52571a0e6794454bb5e508df7897c15309820712a95c5ce

C:\Program Files\7-Zip\7z.exe

MD5 44732bf0b143a99caccdc88e3ab844f4
SHA1 ed5761e0a3b4eec7a707a30cff11bda276ae5ea1
SHA256 2af0f19ffb6d80ab8a098638e40f283e45b3b54b026e70e9deaad8fa8a534781
SHA512 8195667f005bf101ba6eab70d1b16cf486edaeb123f414c876f9bb294eb21b30183e4d00ca93ce9671562fa14ead9d5f2dc913ade46d3464c0392f24fc3083c5